Hot questions for Using Applets in signed applet

Top Java Programmings / Applets / signed applet

Question:

I want to check if a Jar File is Signed, the response should return the following details

  1. Certification file provider e.g. Trusted CA, Digicert, Norton etc
  2. Expiry Date of the signature if any
  3. Date Signed if any
  4. If the applet is Self Signed or Not

How do I achieve this?


Answer:

  1. Get the CodeSource via Class.getProtectionDomain().getCodeSource().
  2. Get the certificate chain.
  3. If it exists, the JAR is signed.
  4. If it is length 1, the certificate is self-signed.
  5. It is signed by whoever appears in the IssuerDN of the first certificate in the chain.
  6. The validity dates are in the Certificate.

Question:

I've just signed my applet with a certificate from Thawte and now when I load it from my web page I get a information popup that says "Do you want to run this application?" It's a "good" message box according to the java help because it identifies who signed the code and trusts it however I see no way of getting rid it of it cause it's annoying.

I tried to add my site to the exception list but no luck, on the previous java versions there used to be a checkbox that said "Always trust content from this publisher", well, I can't seem to get that checkbox to show up on Java 8, I suppose it doesn't exist anymore.

I would really appreciate any help here. Thanks


Answer:

According to this link, a security prompt will ask for confirmation before allowing Java content to run in the browser. You can't prevent it showing it on the first time.

Quoting the information available on the link above:

The messages presented depends upon different risk factors, such as using old versions of Java or running applet code that is not signed from a trusted Certificate Authority. Apps that present a lower risk display a simple informational message. This includes an option to prevent showing similar messages for apps from the same publisher in the future.

Even running applets from Oracle, such as JavaFX Samples, you'll see a prompt like this:

Update: According to this link, a security prompt doesn't show the option Do not show this again for apps from the publisher and location above if you are hosting the application on multiple locations:

Question:

I have an applet that receives an XML that serialized a JasperPrint object and print it using printservices. The applet is signed and the certificate is imported in house.

This applet is in a Web application that call it using javascript and it runs in terminals with Windows XP.

The problem is that when you use the applet always displays the prompt to run the application and users have to confirm to print.

Is there any way around this without ever having to confirm?

UPDATE:

i google the problem and i see that applet is dying (like @user3712670 says), there are another alternative to run java code on client pc from a web page?

i need to use it locally


Answer:

Short answer: no.

Any settings for those confirmation dialogs are client-side, so there's nothing you can do in your code or on your server to prevent them.

You might be able to get rid of some of them by making your clients change their security settings, but this is probably not advised. And you probably can't get rid of all of them.

You can check the plugin settings for the particular browser you're running, and you can check the Java security settings from the Control Panel.

The real answer is that applets are a dying technology, and trying to make them work is a bit like plugging up the holes in a sinking ship.

Question:

Is it possible to have self-signed Applets without restrictions in local network? I can configure my user's PCs since they are all in LAN.

The idea is that I self-sign Applet, and out IT department edits client's PCs, so that they auto trust our Applets.

Is this possible, or are there any restrictions?


Answer:

Here it is an url where they explain how to solve your problem

http://www.jade-cheng.com/uh/ta/signed-applet-tutorial/

Question:

I need to access the local running LDAP via applet for authenticating users from their own organization security.

But when i click the login button and applet tries to connect to the 10.0.215.45 server it gives following exception

     network: Connecting http://qa.mycompany.com/loginldap/jndi.properties with proxy=DIRECT
    network: Connecting http://qa.mycompany.com/loginldap/jndi.properties with cookie "__utma=3105202.1962924881.1410333072.1410351890.1411365879.4; __utmz=3105202.1410333072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _bcvm_vrid_3210241798524429162=9098969101660648460T0DA4F9342F9A96696C8032E97870412050BB1ADC5C79D4B5EAA03F617D96473191202EB66601664B00D33A3B14F5A765452D84B6F8C4149A8E9235E8EEFB41FE; inproducttranslatemode=false"
    network: Connecting http:// 10.0.215.45 :389/crossdomain.xml with proxy=DIRECT
    network: Connecting http:// 10.0.215.45 :389/ with proxy=DIRECT
    java.security.AccessControlException: access denied ("java.net.SocketPermission" "10.0.215.45:389" "connect,resolve")
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkConnect(Unknown Source)
        at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
        at sun.plugin2.applet.AWTAppletSecurityManager.checkConnect(Unknown Source)

I have self signed the applet jar during my build process

<target name="dist" depends="clean,compile" description="generate the distribution">
<mkdir dir="${dist}" />
<copy todir="${build}">
    <fileset file="${src}/conf.properties" />
</copy>
<jar jarfile="${dist}/${module-jar-file}" basedir="${build}">
    <manifest>
        <attribute name="Permissions" value="sandbox" />
        <attribute name="Codebase" value="*.mycompany.com" />
        <attribute name="Application-Library-Allowable-Codebase" value="*.mycompany.com" />
        <attribute name="Application-Name" value="Company - SSO" />
        <attribute name="Main-Class" value="com.mycompany.authentication.sso.Application"/>
        <attribute name="Entry-Point" value="com.mycompany.authentication.sso.applet.Applet" />
    </manifest>
</jar>
<signjar jar="${dist}/${module-jar-file}" alias="signalias" keystore="keystore" storepass="storepass">
</signjar>
<copy todir="${dist}">
    <fileset file="resources/index.html" />
</copy>

My overall architecture goes like

>>>>>>>>>>>>>> INTERNET <<<<<<<<<<<<<<<

 +-------------------------+
 +                         +
 +                         +
 +    qa.mycompany.com     +    <= applet is hosted here
 +         SERVER          +
 +                         +
 +-------------------------+

**************************************************************************************

>>>>>>>>>>>>>> LOCAL NETWORK <<<<<<<<<<<<<<<

    +-----------------------------------------------+
    +                                               +
    +   http://qa.mycompany.com/loginldap           +
    +                                               +
    +-----------------------------------------------+
    +                                               +
    +                                               +
    +       Client browser downloading applet       +  =======||
    +                 and running                   +         ||
    +                                               +         ||
    +-----------------------------------------------+         ||
                                                              ||
                                                              ||        (10.0.215.45)  
                                                              ||        +------------+
                                                              ======>>  +            +
                                                                        +    LDAP    +
                                                                        +            +
                                                                        +------------+

Answer:

Here is how I made it working

  1. I changed the manifest line from <attribute name="Permissions" value="sandbox" /> to <attribute name="Permissions" value="all-permissions" />
  2. added my host http://qa.mycompany.com to exception site list since I don't have any proper SSL certificate. From Java Control Pannel under Security Tab.

This atleast started and worked my applet in browser. Later for production environment I can have a proper SSL certificate and assign proper permissions as per my requirement.